Differences
This shows you the differences between two versions of the page.
devel:documentation:adm:systems:winrm_ad_connector [2019/09/19 05:28] kucerar fixes, added more info to installation part |
devel:documentation:adm:systems:winrm_ad_connector [2020/05/05 09:45] apeterova [Installation] - certificate of AD |
||
---|---|---|---|
Line 5: | Line 5: | ||
Typical use cases for this combined connector are: | Typical use cases for this combined connector are: | ||
- | * Management of home directories - User is created via AD connector and home directory is created by WinRM Connector (powershell) | + | * Management of home directories - User is created via AD connector and home directory is created by WinRM Connector (powershell). Owner of home directory can be set only locally. |
* Management of o365 | * Management of o365 | ||
* Management of Exchange | * Management of Exchange | ||
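Review bot: The sentence added to the home-directory bullet, "Owner of home directory can be set only locally.", does not say which machine "locally" refers to (the WinRM host running the script, the AD server, or the connector server). A reader cannot tell where the ownership change has to be executed. Suggest naming the host explicitly.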
Line 44: | Line 44: | ||
Powershell scripts are in subfolders. It's not only " | Powershell scripts are in subfolders. It's not only " | ||
- | All of these scripts logging into connector server log | + | All of these scripts logging into connector server log. All log messages are shown after powershell script is executed and the control is returned into connector. So it can see that the log is frozen if the powershell script will run some time. Disadvantage is, if your powershell script froze for real you will not see any log. This can happen for example if you execute some command which will wait for user input, but you can prevent this one by using [[devel: |
Then in folder " | Then in folder " | ||
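Review bot: The added logging paragraph states that a script waiting for user input hangs and leaves nothing in the connector server log, but it gives the operator no way to tell a slow script from a hung one. Suggest documenting whether the connector enforces a timeout on the PowerShell call and what an operator should check on the WinRM side. The sentence "So it can see that the log is frozen if the powershell script will run some time" is also hard to parse; something like "the log can appear frozen while a long-running script executes" would read more clearly.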
Line 101: | Line 101: | ||
===== Scripts ===== | ===== Scripts ===== | ||
+ | |||
+ | For more information about how to write scripts, follow [[devel: | ||
+ | |||
==== python ==== | ==== python ==== | ||
Python scripts should start with these two lines: | Python scripts should start with these two lines: | ||
Line 118: | Line 121: | ||
We are using encoding otherwise you will have problem with diacritics in powershell when you want to encode the powershell script before sending it via WinRM. | We are using encoding otherwise you will have problem with diacritics in powershell when you want to encode the powershell script before sending it via WinRM. | ||
+ | <note tip> | ||
+ | <note tip>For search and delete operations IdM only sends uid. So in this scripts you cannot use any other attributes. For example someone would want to rename home directory in delete script and leave it there for period of time as backup. But in this situation you can only add to home directory' | ||
===== Installation ===== | ===== Installation ===== | ||
For using WinRM part of this connector you need to install a few things which is needed, otherwise you can skip these steps. | For using WinRM part of this connector you need to install a few things which is needed, otherwise you can skip these steps. | ||
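Review bot: As rendered here, the two added lines each open a `<note tip>` and no closing tag is visible, so please check that the note markup is balanced and that the first one is not an empty leftover. In the note text, "in this scripts" should read "in these scripts". Since the note says search and delete scripts receive only uid, it would also help to state that restriction once as a rule before the home-directory backup example.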
Line 125: | Line 129: | ||
* Install pywinrm and dependencies. You can follow official guide https:// | * Install pywinrm and dependencies. You can follow official guide https:// | ||
- | Now we have prepared the tool which is used by our connector. Next you need to install | + | <note tip> |
+ | < | ||
+ | su - connector-server | ||
+ | pip install --user pywinrm | ||
- | < | + | #those only if you need them |
- | You can download whole bundle with prepared and tested connector server https:// | + | pip install |
- | <note important> | + | pip install |
- | + | ||
- | Or you can follow this guide and prepare the connector server yourself | + | |
- | This connector is tested in java connector server 1.4.5.1 https:// | + | |
- | and with connector-framework 1.4.3.0 | + | |
- | + | ||
- | Next you will need to add these libraries into lib folder of the connector server: | + | |
- | * jackson-annotations-2.9.8 | + | |
- | * jackson-core-2.9.8 | + | |
- | * jackson-databind-2.9.8 | + | |
- | You will probably need to add these libs into classpath in ConnectorServer.sh or ConnectorServer.bat it depends on your OS. | + | |
- | + | ||
- | Next it's good to do some more configuration as setting new password for connector server and create new user under which the connector server will be started. | + | |
- | + | ||
- | For setting new password for you remote connector use | + | |
- | < | + | |
- | ./ | + | |
</ | </ | ||
+ | </ | ||
+ | Now we have prepared the tool which is used by our connector. Next you need to install java connector server. Connector server is not mandatory but as we wrote in the first section it is strongly recommended. | ||
- | If you want to be able to run connector server as a service | + | - Follow [[devel: |
- | + | - Put '' | |
- | < | + | - Put CA certificate to WinRM server |
- | # create user which we run the connector server | + | - Put CA certificate to AD servers in the [[devel: |
- | useradd connector-server | + | |
- | + | ||
- | #create file | + | |
- | / | + | |
- | + | ||
- | # content of the file, change path according where you have your connector server | + | |
- | [Unit] | + | |
- | Description=Java Connector Server Service | + | |
- | [Service] | + | |
- | User=connector-server | + | |
- | WorkingDirectory=/ | + | |
- | ExecStart=/ | + | |
- | SuccessExitStatus=143 | + | |
- | [Install] | + | |
- | WantedBy=multi-user.target | + | |
- | + | ||
- | # Reload and enable deamon | + | |
- | systemctl daemon-reload | + | |
- | systemctl enable java-connector-server | + | |
- | + | ||
- | # Use this to start/ | + | |
- | systemctl start java-connector-server | + | |
- | systemctl stop java-connector-server | + | |
- | systemctl status java-connector-server | + | |
- | </code> | + | |
- | + | ||
- | Now you can put winrm-ad-connector-1.0.1.jar to the bundles folder inside connector server and you can start it. | + | |
- | Next thing which you need to do is configure | + | - Configure |
===== Configuration ===== | ===== Configuration ===== | ||
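Review bot: The new steps run `su - connector-server` before `pip install --user pywinrm`, but this hunk removes the `useradd connector-server` step and the advice to set a new password for the connector server, so the section now assumes an account and a hardening step it no longer describes. Confirm that the guide linked from the first new step covers creating the dedicated user and changing the connector server password, or keep a one-line pointer to both here. The removed text also named the tested versions (connector server 1.4.5.1, connector-framework 1.4.3.0, jackson 2.9.8), while the added `pip install` line is unpinned; consider stating the pywinrm version the connector was tested with.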
Line 235: | Line 201: | ||
You can configure the order of connectors. Default behavior is that AD connector is first. | You can configure the order of connectors. Default behavior is that AD connector is first. | ||
{{ : | {{ : | ||
+ | < |